I have a Win2k3 DC that has one of my DNS servers on it. I have removed all of the FSMO roles and confirmed they are removed. The user is a part of the Enterprise Admin group. When i try to remove the DC through dcpromo I get the following error in the dcpromo.log. I would like to keep from using /forceremoval but is this a sign of something wrong in my AD or just on the DC i am trying to remove. 7/06 14:24:32 [INFO] Removing Active Directory objects that refer to the local domain controller from the remote domain controller bugs.cic.scic.com… 07/06 14:24:32 [INFO] Error - Active Directory could not configure the computer account dc_name$ on the remote domain controller other_dc_name. (5) 07/06 14:24:33 [INFO] NtdsDemote returned 5 07/06 14:24:33 [INFO] DsRolepDemoteDs returned 5 07/06 14:24:33 [ERROR] Failed to demote the directory service (5)

try this: http://support.microsoft.com/kb/2000939With kind regards Krystian Zieja http://www.projectnenvision.com Follow me on twitter My Blog

I did that and now i get the following on dcpromo. the operation failed because: Failed to configure the service NETLOGON as requested. "The wait operation timed out" and in the dcpromo.log is the following: 07/07 09:02:24 [INFO] Informed NETLOGON to deregister records 07/07 09:02:24 [INFO] Stopping service NETLOGON 07/07 09:04:24 [INFO] StopService on NETLOGON failed with 258

Hello, if i understand you correct you try to demote a DC in an existing domain and have already transferred teh FSMO roles to another DC in the domain. Did you check with "netdom query fsmo" in a command prompt that the other DC is shown for having the FSMO roles? Also it can help to uncheck the Global catalog in AD sites and services on the NTDS settings from the DC you need to demote. Is connectivity given, check with pinging ip address, computer name and FQDN to the other DC, which also should be Global catalog server? Also post an undited ipconfig /all from the existing DC and the one you try to demote.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Hi Kirksh, Any updates? Regards, Wilson JiaThis posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Correct you are DNS was the issue for me Change the NIC to point to the new dns server - away from the one you are trying to demote good call thanks

Verify that your account has sufficient permissions to the computer account in Active Directory. Even though your running dcpromo with domain admin account... If you haven't got full access to the computer object the operation will fail. And check so that "Protect this object from accidental deletion" isn't activated.

Thanks to citapinc, this is what resolved the issue for us!

Thanks sir Solution worked Great. Else the only way is to run Dcpromo /forceremoval and then through Metadata Cleanup remove all stresses from AD. I had 10 Domain Controllers to demote.... Once again Thanks